From 713e321fcf34f0c2f74db6dc3ec7d51e09c2d4f6 Mon Sep 17 00:00:00 2001 From: Roland Scheidegger Date: Mon, 15 Apr 2013 03:57:23 +0200 Subject: [PATCH] gallivm: fix small but severe bug in handling multiple lod level strides Inserting the value for the second quad in the wrong place for the following shuffle. This meant the row or image stride was undefined which is quite catastrophic, can lead to bogus texels fetched or just segfault. This code is only hit for SoA path currently, still surprising it didn't crash more or caused more visible issues (I think llvm used a broadcast shuffle for the undefined parts of the vector, hence the undefined value for the second quad was just the same as that from the first quad, so as long as both quads hit the same mip level everything was fine, and since lower mips always have the same large stride it made it less likely to hit out-of-bound memory in case of differing lods). Note: this is a candidate for stable branches. Reviewed-by: Jose Fonseca (cherry picked from commit 1d6eb23f2dc1bb53636802cb698e6788ca0a26ac) --- src/gallium/auxiliary/gallivm/lp_bld_sample.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gallium/auxiliary/gallivm/lp_bld_sample.c b/src/gallium/auxiliary/gallivm/lp_bld_sample.c index 53223973172..4ea14071e8c 100644 --- a/src/gallium/auxiliary/gallivm/lp_bld_sample.c +++ b/src/gallium/auxiliary/gallivm/lp_bld_sample.c @@ -867,7 +867,7 @@ lp_build_get_level_stride_vec(struct lp_build_sample_context *bld, stride = bld->int_coord_bld.undef; for (i = 0; i < bld->num_lods; i++) { LLVMValueRef indexi = lp_build_const_int32(bld->gallivm, i); - LLVMValueRef indexo = lp_build_const_int32(bld->gallivm, i); + LLVMValueRef indexo = lp_build_const_int32(bld->gallivm, 4 * i); indexes[1] = LLVMBuildExtractElement(builder, level, indexi, ""); stride1 = LLVMBuildGEP(builder, stride_array, indexes, 2, ""); stride1 = LLVMBuildLoad(builder, stride1, "");